In this guide, we’ll show you how to set up SCIM in Nulab Pass and OneLogin to allow for user provisioning.
Prerequisites
- User provisioning by SCIM (available with Nulab Pass)
- Configured SAML
Supported features
Nulab Pass supports the following user provisioning features:
- Create Managed Accounts
- Update Managed Account attributes
- Deactivate Managed Accounts
- Delete Managed Accounts
Setup in Nulab Pass
Configure the following settings in OneLogin and Nulab Pass.
Setup in Nulab Pass
- Go to your organization settings.
- Select Organization > User provisioning to open the SCIM configuration screen.
- If user provisioning is not enabled:
- Select the “Manage” button.
- Select the “Enable” checkbox.
- Select “Save.”
- Record the SCIM URL somewhere safe.
- If no token has been issued:
- Select the “Generate token” link to issue a token.
- Record your SCIM token somewhere safe.
Setup in OneLogin
- Access the OneLogin management console.
- select “Administration” at the top-right corner.
- Select Applications > Applications on the top tab.
- Select “Add App.”
- Search for ans select “Nulab Pass.”
- Enter the “Display Name” and save.
- Open the “Configuration” of the created application.
- Enter the following, select “Enable,” and then select “Save.”
- Space key: Nulab Pass organization space key
- Service: Nulab Pass
- SCIM bearer token: SCIM token issued by Nulab Pass
- SCIM base URL: SCIM URL issued by Nulab Pass
- In the menu on the left, select “Provisioning” of the created application. Select the “Enable provisioning” checkbox and then “Save.”
- In the menu on the left, select “Parameters” of the created application. Review and update what will be synchronized with user provisioning.
Operation with user provisioning
Create a Managed Account
To add a Managed Account with user provisioning to Nulab Pass, grant application access rights to the user in OneLogin.
- Select Users > Users at the top to display the user list screen and select any user.
- Select “Applications” in the left menu and then the “+” icon.
- Select the application and then “Continue.”
- Enter and save attributes.
- The information entered at the time of granting access rights becomes the account information to be managed by Nulab Pass.
- Select “Pending” on the application to synchronize users.
- When “Provisioned” is displayed, the creation of the Managed Account is complete.
Update Managed Accounts
To update Managed Accounts with user provisioning, update the access information for the user's application in OneLogin.
- Select Users > Users at the top to display the user list screen and select any user.
- Select “Applications” in the left menu and then the application displayed.
- Update the attributes and select “Save.”
- Select “Pending” on the application to synchronize users.
- When “Provisioned” is displayed, updating of the managed account is complete.
Disable or delete Managed Accounts
To disable or delete a Managed Account in user provisioning, set the following to either “Suspend” or “Delete” in the application's “Provisioning.”
This allows you to specify what happens to the Managed Account when you perform the following three operations in OneLogin.
- Delete a user's application access rights
- Suspend a user
- Delete a user
Delete a user's application access rights
- Select any user.
- Select “Application” in the left menu.
- Select the application to open the edit dialog.
- Select “Delete.”
Suspend a user
- Select any user.
- Toggle the “Active” button off.
- Select “Save user.”
Delete a user
- Select any user.
- Select More Actions > Delete.